613 matches found
CVE-2024-35430
In ZKTeco ZKBio CVSecurity v6.1.1R and earlier fixed in 6.1.3R an authenticated user can bypass password checks while exporting data from the application...
CVE-2024-13601
The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.5 via the 'exportusereraserequest' function due to missing validation on a user controlled key. This makes i...
CVE-2024-13601
The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.5 via the 'exportusereraserequest' function due to missing validation on a user controlled key. This makes i...
CVE-2024-13601 Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin <= 1.0.5 - Authenticated (Subscriber+) Insecure Direct Object Reference
The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.5 via the 'exportusereraserequest' function due to missing validation on a user controlled key. This makes i...
WordPress plugin Majestic Support 安全漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress plugin...
CVE-2024-13607
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticat...
BIT-SUPERSET-2023-25504 Apache Superset: Possible SSRF on import datasets
A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability exists in...
CVE-2024-13607
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticat...
CVE-2024-13607
CVE-2024-13607 : The WordPress plugin “JS Help Desk – The Ultimate Help Desk & Support Plugin” is vulnerable to Insecure Direct Object Reference via exportusereraserequest in all versions up to and including 2.8.8. Authenticated users with Subscriber-level permissions and above can export ticket ...
CVE-2024-13607 JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.8 - Authenticated (Subscriber+) Insecure Direct Object Reference
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticat...
The vulnerability of the data export function of the Kyocera Net Viewer software, a monitoring and control device for multifunctional devices, allows a perpetrator to disclose protected information.
The vulnerability of the data export function of the Kyocera Net Viewer monitoring and control software relates to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information remotely...
CVE-2024-12637
The Moving Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.05 via the export functionality. The JSON files are stored in predictable locations with guessable file names when exporting user data. This could allow unauthenticated...
CVE-2024-12637 Moving Users <= 1.05 - Unauthenticated Sensitive Information Exposure
The Moving Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.05 via the export functionality. The JSON files are stored in predictable locations with guessable file names when exporting user data. This could allow unauthenticated...
CVE-2024-12637
Public technical details about CVE-2024-12637 are not provided in the Connected documents. The Initial Description notes Sensitive Information Exposure via export in Moving Users (WordPress) up to v1.05, but no further technical specifics or patches are included here.
TYPO3 安全漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 versions 11.0.0 to 11.5.41, which stems from the vulnerability of the back-end user interface deep-linking functionality to a cross-site request...
PT-2025-1798 · WordPress · Appointment Booking Calendar Plugin
Name of the Vulnerable Software and Affected Versions: Appointment Booking Calendar Plugin and Scheduling Plugin versions prior to 1.1.23 Description: The export settings functionality in the Appointment Booking Calendar Plugin and Scheduling Plugin exports data to a public folder with an easily...
CVE-2024-12713
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handleexportform function due to a missing capability check. This makes it possible for unauthenticated attackers to export data...
CVE-2024-12713 SureForms – Drag and Drop Form Builder for WordPress <= 1.2.2 - Missing Authorization to Unauthenticated Protected Post Disclosure
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handleexportform function due to a missing capability check. This makes it possible for unauthenticated attackers to export data...
PT-2025-1935 · WordPress · Sureforms
Name of the Vulnerable Software and Affected Versions: SureForms – Drag and Drop Form Builder for WordPress versions up to, and including, 1.2.2 Description: The issue concerns a missing capability check in the handle export form function, allowing unauthenticated attackers to export data from...
CVE-2024-10866
The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dspexportimportmenus function in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to export menu data and settings...